Security & compliance
Built for airlines that cannot afford security incidents.
aerolead.ai runs in environments where lost bags are multi‑million dollar problems and regulators expect complete transparency. Every layer—from network to workflows—is designed so security is the default, not an afterthought.
Data isolation
Per‑airline tenancy, dedicated VPCs, and strict separation of logs, metrics, and baggage data.
Encryption everywhere
TLS 1.2+ in transit, AES‑256 at rest, with keys in managed HSMs and strict rotation policies.
Least privilege
Granular roles aligned to airline org charts, short‑lived access, and complete auditability.
Standards & certifications
- SOC 2 Type II — program in flight with Big‑4 aligned auditor and airline partners.
- ISO 27001 — roadmap aligned to aviation data residency requirements.
- Data residency — EU, GCC, and APAC regional hosting, with strict cross‑border controls.
Data protection
- Field‑level access policies for sensitive PNR and claim data.
- Strict separation between production and lower environments.
- Immutable audit logs for every configuration and access change.
Operational security
- Hardware security keys for all production access.
- 24/7 monitoring and alerting on abusive and anomalous behaviour.
- Regular penetration testing with aviation‑experienced partners.
Compliance & privacy
- DPAs tailored per airline and per‑region regulatory context.
- Support for subject access and deletion workflows.
- Shared security model playbook to align aerolead.ai and airline responsibilities.